chore: cherry-pick 5ff02e4d7368 from chromium (#34019)

ppontes · patchup[bot] · electron-bot · web-flow · commit 79af6f3493cf · 2022-05-03T23:57:14.000-07:00
* chore: cherry-pick 5ff02e4d7368 from chromium

* chore: update patches

Co-authored-by: PatchUp &lt;73610968+patchup[bot]@users.noreply.github.com&gt;
Co-authored-by: Electron Bot &lt;electron@github.com&gt;
diff --git a/patches/chromium/.patches b/patches/chromium/.patches
@@ -175,4 +175,5 @@ skia_renderer_-_don_t_explicitly_clip_scissor_for_large_transforms.patch
 skia_renderer_use_rectf_intersect_in_applyscissor.patch
 cherry-pick-1a31e2110440.patch
 m100_change_ownership_of_blobbytesprovider.patch
+cherry-pick-5ff02e4d7368.patch
 cherry-pick-12ba78f3fa7a.patch
diff --git a/patches/chromium/cherry-pick-5ff02e4d7368.patch b/patches/chromium/cherry-pick-5ff02e4d7368.patch
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: UwU UwU <uwu7586@gmail.com>
+Date: Tue, 19 Apr 2022 15:10:38 +0000
+Subject: NavigatorManagedData: Prevent iterator invalidation during Promise
+ resolution
+
+(cherry picked from commit 6083135252280d9b43e26169eb35154a9ac861ea)
+
+Bug: 1307223
+Change-Id: Iead6cf8c6236a95dbdfe7877c912f6ba86b370ac
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3532439
+Commit-Queue: Anqing Zhao <anqing@chromium.org>
+Cr-Original-Commit-Position: refs/heads/main@{#984230}
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3577263
+Reviewed-by: Artem Sumaneev <asumaneev@google.com>
+Owners-Override: Artem Sumaneev <asumaneev@google.com>
+Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
+Cr-Commit-Position: refs/branch-heads/4664@{#1591}
+Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512}
+
+diff --git a/third_party/blink/renderer/modules/managed_device/navigator_managed_data.cc b/third_party/blink/renderer/modules/managed_device/navigator_managed_data.cc
+index 2df64ff2c51dfe080cd50b46199e9c1d77ea26db..32b48ca0157a52d322aa4e00d18d4e662d3b1c4a 100644
+--- a/third_party/blink/renderer/modules/managed_device/navigator_managed_data.cc
++++ b/third_party/blink/renderer/modules/managed_device/navigator_managed_data.cc
+@@ -108,8 +108,14 @@ void NavigatorManagedData::OnServiceConnectionError() {
+       !managed_configuration_service_.is_connected()) {
+     managed_configuration_service_.reset();
+   }
++
++  // Move the set to a local variable to prevent script execution in Reject()
++  // from invalidating the iterator used by the loop.
++  HeapHashSet<Member<ScriptPromiseResolver>> pending_promises;
++  pending_promises_.swap(pending_promises);
++
+   // Resolve all pending promises with a failure.
+-  for (ScriptPromiseResolver* resolver : pending_promises_) {
++  for (ScriptPromiseResolver* resolver : pending_promises) {
+     resolver->Reject(
+         MakeGarbageCollected<DOMException>(DOMExceptionCode::kNotAllowedError,
+                                            kNotHighTrustedAppExceptionMessage));
